【正文】 0。netmoduleinNT,2000andXPsystems,butmostdon39。trealiseitspower.Aremote(orlocal)attackercanusetodomanydifferentthings.OpenDOSandhitnet,andaloadofoptionseup.Illtakeyouthroughafew:sharecanbeusedtocreate,deleteormodifysharesonthesystem(.someonecouldsharethetargetsdrivesforeasyaccesslater),usercanbeusedtocreate,delete,andgetalistofusersonthatsystem,andgroupcanbeusedtomodifywhoisinwhichgroup,andcreateordeletegroups.Netdoesn39。thaveaGUIeither,withskilfuluseofitalot(forexample,explorenetservices).Also,mostprepiledexploitsthatyoucangetholdofruninDOS,anddropyouinaDOSshell.ThatisonereasonwhyeveryoneshouldknowDOSwell.Everyoneshouldbefamiliarandcapablewithit,anditfarmorepowerfulthatmostGUIprograms。DOSapplicationsarealsoversatileandnofrills(gettheDOStoolkitfromandseewhatImean).YoucanevenIRCinDOS!It39。sasmall.exeprogram,noinstallrequired,easytouse.Ifthat39。snotagoodapplication,Idon39。tknowwhatis.Infact,somethingsareeasiertodoinDOSthanWindows.Forexample,sayyouneedtospoofyourboxpletely(forwhateverreason):IP,hostname,domainandMACaddress.InWindows,youwouldhavetoopensystemproperties,controlpanelandconnectionproperties(andprobablyhavetogetholdofafewprograms).InDOShowever,it39。seasy.Openashell,usehostnamehostnametochangeit,ipconfigtosetyourIPandMACaddress,andnettochangedomain.NoGUIrequired,anditwasdonequickly.ApartfromtheserioussideofDOS,therearefunnythingsyoucando.Sayforexample,you39。reinamachine,anddecidetomessaround(weallgothroughthatphase).Youcanusenetsendtosendpopupmessagestothepersononthatbox(thatusuallyscaresthemsilly),ornetprinttoprintoffamessagetothem.Shutdown(orrunoncein95/98)canbeusedtologthemoff,switchuserorrebootthemachine(andyoucanincludeament!).Startcanbeusedtostartanapplicationinanewwindow(screensaverforexample),oryoucouldcreateafileontheirdesktopforinstance.I39。msureeveryonecanthinkofsomething.Mypersonalfavouriteischangingtheirsystemtimeto1337on2000AD...Y2kbug!OK,sayyou39。reusingDOSbutyoureallyneed/wantaGUIforwhateverreason.Whenconnectedtothetarget,chancesareitwillbe2000/XP.WhatyoucanthendoinDOSinnetstartTerminalServices.Thismandstartsterminalservicesin2000.Ifyouwanttostopit,youusenetstopTerminalServices.Thiswayyoucantheuseremotedesktopconnectionorterminalservicesclienttoconnecttothatbox(tologontoityouneedtouseanaccountonthereorcreateoneusingnetuser).Thereyougo,aGUI!SonowyouhavelearnedasillyamountaboutDOS,wearegoingtouseit(intheoryanyway).Forthistheoretichack,wewillbeusingaLAN,ofeightmachinesrunningWindows2000SP0。oneisadomaincontrollerandsevenareclients.OnthisLANyouhaveauseraccount,andaccesstoCdriveandCommandPrompt(youcantellI39。mbasingthisonmyschool39。snetworkcantyou?).YouhavepasswordcrackersandthelikeonCdriveifyouneedthem(whichyouwon39。t).Youfireuptelnet,andusenetstattogettheserverIP(pingingtheserverwithitsNetBIOSorhostnamewillletyoupingit).Loandbehold,it39。srunningatelnetserver.Youthentelnettoit,butsinceyouarealowlyuseryoucanonlyviewCdriveandyourfiles.Wehavemanyoptionshere:wecoulddropatrojanon,dumphashes,orifyournotafterraisingprivileges..youcouldmessaboutordosomethingsillylikewipeeverything.Wewillgoforraisingprivileges.Atyourclientend,weuseDOStosetupanFTPserver.Youtransferacrossakeyloggerclient,butonlyafterattachingitinthealternatedatastreamtosomethinginconspicuous(suchas),andsetitawayremotely.Thenyouwaittilltheadminlogson(youcouldnetsendtheserverorsomethingtogethisattentionandgethimtologon),andhis/herpasswordispipedtoafile.Youusetypetogetthecontents,andthendeletethefileandlogofftheserver.Now,asadmin,youcouldlogonfromwhereyouare,butifsomeonecatchesyouyou39。rescrewed.So,youfireupterminalservicesandtrytologonasadmin...insertblasphemyhere!!!Terminalservicesisdisabled.Noproblem,yousimplytelnetbackandstartterminalservices.Youthenloginasadminoverterminalservices(thiswayifanyonewasingyoucansimplyclosethewindowthengobacklater),andcreateyourownadminaccount.Youthenlogoutofadmin,intothenewaccountandyouralldone!YoujustownedanetworkusingnothingbutDOS,terminalservicesandakeylogger(butyoucouldhavedoneitwithoutthekeylogger).Tracksarecoveredbydeletingeventsfromeventlogger,andyou39。realldone.Thatexampleshowsjusthowversatile,flexibleandpowerfulDOSisandhowmuchitisoverlooked.ItismyopinionthatDOSisovershadowedbynewGUIprograms,andsinceMSisremovingDOSsupportfrom2000systemsonwards(althoughslowly),soonitcouldbegoneforever.Itwillbeashametoseeitgo.Itmaynotbetheeasiestthingtogetintoasthelearningcurveisquitesteep,buteveryoneshouldbecapableofusingit,asitwillnotletyoudown(itsusefulineverydayputingtoo),itsflexibilityisendless.Ihopeyouenjoyedmyarticle...nowgofindaboxwithport23openorsomething.